Another Word For It Patrick Durusau on Topic Maps and Semantic Diversity

June 1, 2015

Weaknesses In The ‘Dark Web’

Filed under: Cybersecurity,Security — Patrick Durusau @ 12:34 pm

Hackers Scan All Tor Hidden Services To Find Weaknesses In The ‘Dark Web’ by Thomas Fox-Brewster.

From the post:

If you go down to the deep web today, you’ll be following hot on the heels of a digital beast. In a matter of hours last week, the entire semi-anonymising Tor network, where activists and criminals alike try to hide from the gaze of their respective authorities, was traversed by PunkSPIDER, an automated scanner that pokes websites to uncover vulnerabilities.

Created by Alejandro Caceres and his girlfriend-cum-business partner Amanda Towler, PunkSPIDER, which provides a simple Google-like search tool for weaknesses in the vast number of indexable websites that exist today, has turned its gaze to Tor-based sites. The plan is to help improve security across the “dark web”, one of its numerous disputed noms de guerre. But the creepy crawler could aid law enforcement, who might not want exploitable bugs on illegal sites patched by their criminal operators. Such flaws might offer investigators a path into the server and, with the right warrants, be useful for future investigations.

A couple of interesting security findings:

  • Static HTML sites + no attack surfaces on the application side = more security
  • HSDir nodes in a Tor network may not be as secure as you think (see post for details)

Sounds like a market opportunity for anyone scanning the ‘Dark Web’ to offer monitoring of sites for vulnerabilities. Residents of the ‘Dark Web’ have greater incentives for security than the average website.

The researchers came across a site they found objectionable and are going to “share it with law enforcement before releasing it publicly.” Their call, but I do object to “sharing” with law enforcement. Law enforcement budgets are quite large and they should pay for information like everyone else.

Let’s be clear. Your local city or county police may be “on your side” but the folks who need cyber intelligence and high-end technical advice are pursuing their own agendas. They can be clients like anyone else but they should also be paying clients.

Use information to introduce your services, but only the first one should be free. 😉

Non-prosecution of Clapper – A Mark of Privilege?

Filed under: Government,NSA,Politics — Patrick Durusau @ 10:31 am

As of today, it has been 811 days since Gen. Clapper lied to the United States Senate Select Committee on Intelligence:

On March 12th, 2013, during a United States Senate Select Committee on Intelligence hearing, Senator Ron Wyden asked Director of National Intelligence James R. Clapper the following question:

“Does the NSA collect any type of data at all on millions or hundreds of millions of Americans?”

Director Clapper responded “No, sir.”

Incredulously, Senator Wyden asked “It does not?”

Director Clapper responded “Not wittingly. There are cases where they could inadvertently perhaps collect, but not wittingly.”

So that he would be prepared to answer, Senator Wyden gave these questions to Director Clapper’s office a day in advance of the hearing. Upon the hearing’s completion, he also gave the Director a chance to amend his answer. He opted not to do so.

A video of Clapper committing perjury can be found at: Has James Clapper been indicted for perjury yet?, along with links to people across the political spectrum calling for his prosecution.

I find it extremely ironic that US District Judge Katherine Forrest would characterize Ulbricht’s arguments as “a mark of privilege” in light of the ongoing illegal activities of the NSA and the non-prosecution of Gen. Clapper for perjury. See: Judge says Ulbricht’s “harm reduction” arguments are fantasies, a mark of privilege.

At the very worst, for all the boo-hooing at his sentencing hearing, Ross Ulbricht was just a common criminal. Even the twenty-year minimum sentence is harsh in light of the need of the government to improve its own cybersecurity. Being sentenced to do community service half-time for the government as a cybersecurity consultant for a term of years would more than have repaid any imagined debt to society.

Clapper’s crime, on the other hand, strikes at the heart of the ability of the controller of the purse (the legislative branch) to know how funds it has appropriated are being used. To say nothing of its monitoring the executive branch for its adherence to laws passed by the legislative branch.

The executive branch pursues Ulbricht and not Clapper. The judicial branch ignores the ongoing criminal enterprise that is the current executive branch and wastes valuable cyber talent in a fit of pique.

Clapper should be prosecuted for perjury and his many other crimes. Ulbricht should be resentenced and a sentence that makes meaningful use of his talents for public good should be imposed. (Since the executive branch can ignore laws at will, the judge can ignore any minimum sentencing requirements as well.)
